RM 1.1 Allowing zip files a security risk?

[Mr Lucky]

If I allow members to attach zip files for download, I get the feeling we could lay ourselves open to malware?

Is this correct?

If so is there any kind of safer alternative?

Thanks.

 

[Paul B]

The contents of a .zip file could be anything.

Users should always be wary of downloading or opening files they don't trust or can't verify the content of.

 

[Mr Lucky]

Yes, that's what I thought. But if somebody did somehow up[load something malicious, e.g. a trusted member who suddenly became nasty, then would I, as forum owner, be responsible?

This kind of implies I/we are safest with a disclaimer on the resource download page.

 

[MattW]

You could always put somthing on the server such as clamav with maldet and have it scan the directories where the files are uploaded.